[real-eyes] iPhone keeps a database of all your movements
- From: Steven Clark <kcpadfoot@xxxxxxxxx>
- To: real-eyes@xxxxxxxxxxxxx
- Date: Thu, 21 Apr 2011 09:07:03 -0500
The following is from
flyingpenguin
the poetry of information security
http://www.flyingpenguin.com/?p=11532
iPhone keeps a database of all your movements
I recently wrote about a
German politician who successfully fought to get location data from his
mobile provider
.
A commenter said mobile devices have to be in constant contact with the
provider,
so there is bound to be location data. Fair enough, but my hope was to
focus on why
data is stored and why users are not made aware so they can opt-in or out.
Perhaps the following example will be more clear, as it removes the
network and service-model
entirely. Last year it was publicly disclosed that the
Apple iPhone keeps a record of movement in a local database
.
iPhoneTracker is an application that can read the database of locations
stored on your iPhone as well as the backups made with iTunes.
You should see something like this:
-rw-r–r– 00000000 00000000 28082176 1297319654 1297319654 1282888290
(4096c9ec676f2847dc283405900e284a7c815836)RootDomain::Library/Caches/locationd/consolidated.db
That text in brackets just before 'RootDomain::' is the name of the
actual file on
disk that holds the location data. Since it's an SQLite database file,
you can use
any standard SQLite browser, I'm using this Firefox plugin:
https://addons.mozilla.org/en-US/firefox/addon/sqlite-manager/
Open up the file, choose the 'CellLocation' table, and you can browse
the tens of
thousands of points that it has collected. The most interesting data is
the latitude,
longitude location and the timestamp. The timestamp shows the time in
seconds since
January 1st 2001.
Apple is not a provider, and there is no (yet) known use of this
information. Yet
their mobile devices by default store a detailed database of your
locations. They
even back it up, so you can monitor any Apple iPhone user's movements
just by reviewing
their iTunes sync data.
Why is Apple collecting this information?
It’s unclear. One guess might be that they have new features in mind
that require
a history of your location, but that’s pure speculation. The fact that
it's transferred
across devices when you restore or migrate is evidence the
data-gathering isn't accidental.
[...]
By passively logging your location without your permission, Apple have
made it possible
for anyone from a jealous spouse to a private investigator to get a
detailed picture
of your movements.
I guess the advantage over the German politician is that you don't have
to sue Apple
to see your data. The disadvantage is that the privacy laws directed at
providers
do not apply. You have been tracking yourself, but just didn't know it.
Apple conveniently left it in plain-text format for anyone (e.g. a
provider) to read
and sell. Some of it might be askew because it is using tower
triangulation instead
of GPS but I would wager they could easily upgrade the accuracy.
I recommend anyone with an iPhone (or iPad)
download the application
and create their own "What six months of your life looks like to Apple"
web page.
Even more fun could be to write an application that pollutes the
database with exotic
location data to show an iPhone going on virtual vacations.
Updated to add: Apple's name for the location tracking file is
"consolidated.db",
the same name as a radical anti-fascist industrial band from the late
1980s. Hat
tip to Jeremy Allaire for mentioning them to me. Ha, how far Apple has
come since
then, when we used to consider ourselves so alternative and secure on a
Mac. I'm
sure it's total coincidence; that and the fact that
disposableheroesofhiphoprisy.db
was far too obvious.
Posted in
Security
.
By
Davi Ottenheimer
–
2011-04-20T19:59
April 20, 2011
To subscribe or to leave the list, or to set other subscription options, go to
www.freelists.org/list/real-eyes
Other related posts:
- » [real-eyes] iPhone keeps a database of all your movements - Steven Clark
